TCPDUMP – Tips

As I am doing my MSc project using some tools, including TCPDump, I decided to post some tips on using TCPDump.

First things first – some commands.

Basic command to capture TCP traffic on a given interface (e.g. eth0) and save it to a file:

tcpdump tcp -i eth0 -w capture.log

In this instance, TCP traffic on eth0 will be captured and written (in pcap format, not plain text) to a file called capture.log. The leading "tcp" is the capture filter; leave it out to capture all traffic.

If you intend to export this capture to Excel as a CSV file, which is a little tricky with tcpdump alone, Wireshark comes to the rescue!

Open the capture file in Wireshark -> File -> Export Packet Dissections -> Export as CSV

Make sure that you also add .csv at the end of the filename, even though it is being saved as CSV. The file should then open in Excel.
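The CSV export can also be scripted without Wireshark. The following is an added example, not code from the original post: a minimal reader for the classic pcap file that tcpdump -w writes, which pulls out the fields a tcpdump -e line shows (timestamp, MACs, ethertype, IPs, protocol, ports) and renders them as CSV rows. It assumes an Ethernet link-type capture and decodes only IPv4 with TCP/UDP ports; the bytes built by sample_pcap() are constructed, not a real capture.

```python
import csv
import io
import struct
FIELDS = ["time", "src_mac", "dst_mac", "ethertype", "src_ip", "dst_ip", "proto", "sport", "dport"]

def mac(b): return ":".join("%02x" % x for x in b)
def ip(b): return ".".join(str(x) for x in b)

def decode_frame(ts, pkt):
    """Pull the fields a 'tcpdump -e' line shows out of one Ethernet frame."""
    etype = struct.unpack_from("!H", pkt, 12)[0]
    row = dict.fromkeys(FIELDS, "")
    row.update(time="%.6f" % ts, src_mac=mac(pkt[6:12]), dst_mac=mac(pkt[0:6]), ethertype="0x%04x" % etype)
    if etype == 0x0800 and len(pkt) >= 34:                      # IPv4 header follows the 14-byte Ethernet header
        ihl = (pkt[14] & 0x0F) * 4
        row.update(proto=str(pkt[23]), src_ip=ip(pkt[26:30]), dst_ip=ip(pkt[30:34]))
        if pkt[23] in (6, 17) and len(pkt) >= 14 + ihl + 4:     # TCP or UDP: ports are the first two 16-bit fields
            row["sport"], row["dport"] = map(str, struct.unpack_from("!HH", pkt, 14 + ihl))
    return row

def parse_pcap(data):
    """Yield one row per record of a classic pcap file, as written by 'tcpdump -w'."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data, 0)[0])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:    # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    off = 24                                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < incl_len:                                # truncated capture (e.g. killed mid-write): stop cleanly
            break
        yield decode_frame(sec + usec / 1e6, pkt)

def pcap_to_csv(data):
    out = io.StringIO()
    w = csv.DictWriter(out, fieldnames=FIELDS)
    w.writeheader()
    w.writerows(parse_pcap(data))
    return out.getvalue()

def sample_pcap():
    """Constructed pcap bytes (not a real capture): one Ethernet/IPv4/TCP SYN to port 80."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ipv4 = bytes([0x45, 0, 0, 40, 0, 1, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 2, 192, 0, 2, 10])
    frame = eth + ipv4 + struct.pack("!HHIIBBHHH", 51234, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)   # magic, v2.4, tz, sigfigs, snaplen, Ethernet
    return hdr + struct.pack("<IIII", 1700000000, 123456, len(frame), len(frame)) + frame
```

Run pcap_to_csv(open("capture.log", "rb").read()) on a real tcpdump -w file to get the same kind of table Wireshark exports.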

All traffic on an interface

tcpdump -i eth0

Specified number of packets

tcpdump -c 20 -i eth0

-c specifies the number of packets to capture before tcpdump exits

To display MAC addresses (the link-layer header) in the capture

tcpdump -e -i eth0

For a timed capture on TCPDump

tcpdump -G 15 -W 1 -w myfile_tcp_15secs -i eth0

With no filter expression given, all traffic on eth0 is captured ("all" is not a valid filter keyword and makes tcpdump exit with a syntax error).

The ‘-G 15’ rotates the output file every 15 seconds, so each file holds 15 seconds of capture

The ‘-w’ writes the capture to the named file in the current directory

The ‘-W 1’ limits the capture to one file, so tcpdump exits after the first 15-second file

Leave your comments

Thanks 🙂
